It will probably be much faster if we implement your task for you as a custom service. For us to do this you need to compose a detailed formal specification of what you need to be done. Then we can estimate time and cost.

Thanks for your response. We are now going to explore the API and if stuck will ping.

I need to know one thing related to signature verification of office document (OOXML). If the signature produced is long term i.e. XAdES-X-L (containing timestamp and revocation information i.e, OCSP or CRL) then can Eldos verify the digital signature (references, PKCS#1 verification) using the embedded timestamp time and revocation information for the signer certificate it self?

If yes then will it also verify the timestamp signer certificate revocation at signing time or current time (do confirm which time is used for this) using the embedded revocation?

I need to know one thing related to signature verification of office document (OOXML). If the signature produced is long term i.e. XAdES-X-L (containing timestamp and revocation information i.e, OCSP or CRL) then can Eldos verify the digital signature (references, PKCS#1 verification) using the embedded timestamp time and revocation information for the signer certificate it self?

If yes then will it also verify the timestamp signer certificate revocation at signing time or current time (do confirm which time is used for this) using the embedded revocation?

Yes, it is possible.
XAdES validation is performed in the separate step using TElXAdESVerifier class. See: https://www.eldos.com/documentation/sb...ifier.htmlUsing it you can set ValidationMoment property to specify the time when the signature is validated. Timestamp imprint and timestamp signing certificate are also validated.
You can obtain an instance of TElXAdESVerifier class using signature handler XAdESProcessor property.
For the sample using TElXAdESVerifier class please see Samples\XMLBlackbox\[Language]\AdvancedSigner sample.

While performing signature verification, what is the mechanism of establishing trust. Normally trust should be built ONLY to a Root CA. Will verification ensures this? Any standards followed e.g. RFC 5280 for establishing trust or validation trust? Note that we have our own internally stored trusted Root Certs so we would need to ensure that the root certs which are trusted by ELDOS as part of signature verification, timestamp verification and revocation verification are ALSO trusted by us. If ELDOS can provide us these root CA to which any cryptographic object chains then we can check them locally.

I have tried to add trusted identities in TElCustomCertStorage using TElX509Certificate.LoadFromBufferAuto method by putting certificate DER base64 encoded bytes. Certificates added but no certificate has resolved Subject or Issuer name etc.

We use cookies to help provide you with the best possible online experience. By using this site, you agree that we may store and access cookies on your device. You can find out more about and set your own preferences here.